OK, more info. My belief is that the packets are not being DNAT'd
properly. I added this to that chain:
-A PREROUTING -j LOG --log-prefix "test" --log-level 7
And was able to log all the incoming HTTP packets. I then added these
two:
-A FORWARD -p tcp -m tcp --dport 80 -j LOG --log-prefix "test" --log-level 7
-A OUTPUT -p tcp -m tcp --dport 80 -j LOG --log-prefix "test" --log-level 7
A properly DNAT'd packet should pass through FORWARD and then OUTPUT,
but I found nothing in the log. Is it possible that the DNAT module
isn't loaded?
I've done tcpdump and the firewall definitely always receives the
internet-incoming message and the web server never receives it.
Any clues?
-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of George Vieira
Sent: Thursday, June 12, 2003 5:18 PM
To: Kent Wang; netfilter@lists.netfilter.org
Subject: RE: IP forwarding on port 80
What debugging have you done? tcpdump, iptables logging, anything?
Does your web server have a default gateway of the firewall?
Thanks,
____________________________________________
George Vieira
Citadel Computer Systems Pty Ltd Systems Manager georgev AT
citadelcomputer DOT com DOT au
Citadel Computer Systems Pty Ltd
Phone : +61 2 9955 2644 HelpDesk: +61 2 9955 2698
http://www.citadelcomputer.com.au